Search Results

Search found 350 results on 14 pages for 'intrusion prevention'.


  • Continual "The Windows Filtering Platform has blocked a connection" errors?

    - by Richard
    Our systems have been compromised by something recently which has led us to carry out a more detailed look at what is happening on our workstations. I have noticed an issue where the Security log of this Windows 7 workstation is continually logging a security "Audit Failure" where the detail is that "The Windows Filtering Platform has blocked a connection". This is happening thousands of times a day and would appear to be our BT Business Broadband HGV 2700 ADSL router attempting to connect to Port 137 (NetBIOS) on my workstation and being blocked. This has unfortunately had the effect of filling up the log files so much that anything which might have been of use which was logged over the weekend to help debug the intrusion has been "overwritten off the end" of the Security log. (I've since increased the log file size limits massively and turned on archiving). Does anyone know if this is standard behaviour of a BT ADSL router or whether this indicates that the router is compromised in some way or malfunctioning, or have any further suggestions as to how to diagnose this problem?


  • Remove CGI from IIS7

    - by jekcom
    I ran a security scan and the scan said that all kinds of CGI stuff are potential threats. This is part of the result: "(ash) is present in the cgi-bin directory", "(bash) is present in the cgi-bin directory". "By exploiting this vulnerability, a malicious user may be able to execute arbitrary commands on a remote system. In some cases, the hacker may be able to gain root level access to the system, in which case the hacker might be able to cause copious damage to the system, or use the system as a jumping off point to target other systems on the network for intrusion and/or denial of service attacks." And many more related to the cgi-bin directory. First, I searched the whole server for a cgi-bin folder and did not find any. Second, I'm running my website on pure .NET and I don't use any scripts like PHP. The question is: how can I remove this CGI thing from IIS?


  • What else is needed to get iptables to log into this file I created?

    - by anthony01
    I want to set up logging of iptables DROPs and intrusion attempts. First, I put --log-prefix "iptables: " at the end of every iptables rule in my iptables rules file. But this doesn't work, as it says there is a syntax error. So where should I put that command? (I would want to have it included in the saved rules file.) Secondly, I created a file iptables.conf within /etc/rsyslog.d/, and I put the following inside of it:

        :msg, startswith, "iptables: " -/var/log/iptables.log
        & ~

    I assume that at this stage, I'm supposed to restart the rsyslog daemon. What else is needed to do what I'm attempting? Thanks a lot


  • can Snort be installed on VPS?

    - by jack
    Hi Linux Admins, I want the maximum security for my Linux VPS. I found many tutorials around the net but they don't cover Snort. Only those like portsentry, logsentry, tripwire and so on. So I'm beginning to think that Snort is not appropriate for a Linux host. I think it's suitable only as a proxy/middle-man that checks traffic before passing it to the actual targets. I'd like to know whether Snort can be installed on a VPS which serves typical servers like web/mail. Can Snort be in conflict with OSSEC, which I think doesn't check the traffic but only the log files for Intrusion Detection/Anomaly? Thank you.


  • OpenLDAP Password Expiration with pwdReset=TRUE?

    - by jsight
    I have configured the ppolicy overlay for OpenLDAP to enable password policies. These things work: Password lockouts on too many failed attempts; Password Change required once pwdReset=TRUE added to user entry; Password Expirations. If the account is locked out due to intrusion attempts (too many bad passwords) or time (expiration time hit), the account must be reset by an administrator. However, when the administrator sets pwdReset=TRUE in the profile, this seems to also override the expiration policy. So, the password that the administrator sent out (which should be a temporary password) ends up being valid permanently. Is there a way in OpenLDAP to have a password that must be changed, but also MUST expire?


  • Removing write permission on home and public_html on Centos/Cpanel

    - by user5858
    I'm running sites on two Cpanel accounts on my VPS on WHM. I'm using DSO php handler and Apache server on my Web server. After recent intrusion attacks I've chowned to root with permission 555 on $HOME and public_html folder. I'm on VPS with Cpanel on Centos. I'm running CMS based software like Joomla Drupal etc. Will this cause any problem to my VPS installation or server side processes? Drupal, Joomla, MyBB etc will not be affected by this. Some files will not be created like error_log. At least hackers will not be able to place any malicious code within home folder or the public_html folder.


  • Blocking facebook's Like button in firefox

    - by Quiark
    Many sites today use widgets from facebook such as the Like button, list of friends who are fans of that site and so on. While it may be a nice feature, I perceive it to be a serious privacy intrusion, because facebook most likely stores information about which sites you visit. I also heard that when you are not logged into facebook, it still tracks the sites you visit (probably with a cookie) and once you log in attaches the data to your real account. For now, I want to keep using facebook, but I would like to block just these widgets so it can't track me. Is there any Firefox extension which could do that?


  • What free Remote Desktop (server) solutions are there?

    - by Tao
    I know Ubuntu comes with a "Remote Desktop" option that appears to be a straightforward VNC server, and I'm trying to understand the alternatives. Here are the possibilities I've heard about so far: VNC; VNC + SSH Tunnelling; NX Server, free edition; FreeNX; NeatX; X2Go; X11 Forwarding over SSH; xrdp. I'm coming at this from a Windows user's perspective: To the best of my experience, RDP (aka Terminal Services) is a reasonably secure (barring mitm/server spoofing), efficient desktop sharing protocol with well-supported clients, that can be exposed to the internet when necessary without major fears of intrusion. To the best of my knowledge straight VNC is none of those things, which is where I get confused - why wouldn't a better desktop sharing technology be developed or used in the open-source world? I know VNC can be wrapped with SSH, but that seems beyond the reach of a casual user. X11 forwarding over SSH may be more or less efficient, I have no idea, but is definitely even more complicated, and doesn't (as far as I know) give you access to already-running stuff (no desktop sharing as such, just remote application running). So, I'd like any feedback/preferences amongst these or any other "Free" desktop sharing options, using these criteria and/or any others: Security (esp. for access across internet); Efficiency (bandwidth usage, responsiveness, etc); Free-ness, as in Speech (not sure where RDP or FreeNX lie for this); Free-ness, as in Beer (are there any commercial solutions with usable dependable free offerings?); Ease of use (server and client side); Cross-OS Client availability; Cross-OS Server availability; Support for independent sessions and shared (and/or "Console") sessions; Ongoing support/maintenance/development. Thanks!


  • Is 'Old-School' the Wrong Way to Describe Reliable Security?

    - by rickramsey
    The Hotel Toronto apparently knows how to secure its environment. "Built directly into the bedrock in 1913, the vault features an incredible 4-foot thick steel door that weighs 40 tonnes, yet can nonetheless be moved with a single finger. During construction, the gargantuan door was hauled up Yonge Street from the harbour by a team of 18 horses." 1913. Those were the days. Sysadmins had to be strong as bulls and willing to shovel horse manure. At least nowadays you don't have to be that strong. And, if you happen to be trying to secure your Oracle Linux environment, you may be able to avoid the shoveling, as well. Provided you know the tricks of the trade contained in these two recently published articles.

    Tips for Hardening an Oracle Linux Server: General strategies for hardening an Oracle Linux server. Oracle Linux comes "secure by default," but the actions you take when deploying the server can increase or decrease its security. How to minimize active services, lock down network services, and many other tips. By Ginny Henningsen, James Morris and Lenz Grimmer.

    Tips for Securing an Oracle Linux Environment: System logging with logwatch and process accounting with psacct can help detect intrusion attempts and determine whether a system has been compromised. So can using the RPM package manager to verify the integrity of installed software. These and other tools are described in this second article, which takes a wider perspective and gives you tips for securing your entire Oracle Linux environment. Also by the crack team of Ginny Henningsen, James Morris and Lenz Grimmer.

    - Rick


  • My computer may have been compromised, what should I do?

    - by InkBlend
    A few weeks ago, my machine (let's call it "main") was logged into wirelessly from an unauthorized host, probably using ssh. I did not detect the intrusion until a few days ago, and my machine is completely shut down. I found the login using this line from last: myusername pts/1 ipad Tue Oct 15 22:23 - 22:25 (00:02) Needless to say, not only does no one in my family own an iPad, but almost none of my friends do, either. This makes me suspect that whoever was behind this changed the hostname of their machine. Additionally, I discovered this line in the last output on another machine of mine ("secondary"): myusername pts/2 :0 Tue Oct 15 22:23 - 22:23 (00:00) This line coincides with the timestamp from main, which has password-less ssh access (through keys) to secondary. Is it possible that whoever broke into main has also rooted secondary? How can I prevent this from happening again? Are there logs that I can look through to determine exactly how main was accessed (I am the only user on the system and have a very strong password)? Is it at all possible that this is just a weird bug that occurred? Should I, and where should I start looking for rootkits and/or keyloggers? In short, what should I do?


  • Set up internal domain to use external SMTP in Exchange 2007

    - by Geoffrey
    I'm moving to Google Apps and have set up dual-delivery. Everything is fine, but for mail sent internally (from [email protected] to [email protected]), Exchange is not using the send connectors I have pointing to Google's servers. I believe my question is similar to this question: How to force internal email through an smtp connector in exchange 2007. Again, if a user is connected to the Exchange server and tries to send to [email protected] it works just fine, but I cannot seem to force *@mydomain.com to route correctly. This should be fairly simple, but according to this: google.com/support/forum/p/Google+Apps/thread?tid=30b6ad03baa57289&hl=en (can't post two links due to spam prevention) it does not seem possible. Any ideas?


  • Are Motherboards for the Acer Aspire One AOA150 Netbook Compatible with the AOA110?

    - by Mindstormscreator
    I have an Acer Aspire One ZG5 AOA110-1588 netbook, and the motherboard doesn't have a port for a SATA 2.5 inch hard drive; it only supports this slow 8GB SSD type drive. Through research I've discovered that the AOA150 motherboards do have a SATA slot, and the bottom plate of these laptops has an appropriate protrusion for the drive to fit in (for example, compare this to this). The AOA110 and AOA150 models are very similar in appearance and specs. I've even seen tutorials that involve soldering a SATA connector onto the AOA110's motherboard, essentially creating an AOA150 motherboard (right?). So, could I just swap out the motherboard in my netbook with the MBS0506001? (I'd post another link to the actual board but can't because of the spam prevention...) I assume I would also need to purchase and replace the bottom cover with a larger one and possibly get a hard drive caddy as well...? Thanks!


  • Is Hyper-V Server 2008 working on Intel's Atom platform

    - by Josip Medved
    Did anybody try to install Hyper-V on Intel Atom platform? Hyper-V requires: x64 compatible processor with Intel VT or AMD-V technology enabled; Hardware Data Execution Prevention (DEP). It seems that both requirements are satisfied with Atom as processor. However, I wonder whether there is some blocking issue (e.g. BIOS that does not support it) since all Atom motherboards I checked had quite old north/south-bridge. My intentions are to run two low-requirements virtual machines (embedded Linux), so performance should not be an issue.


  • Ask a DNS server what sites it hosts - and how to possibly prevent misuse

    - by Exit
    I've got a server which I host my company website as well as some of my clients. I noticed a domain which I created, but never used, was being attacked by a poke and hope hacker. I imagine that the hacker collected the domain from either hitting my DNS server and requesting what domains are hosted. So, in the interest of prevention and better server management, how would I ask my own DNS server (Linux CentOS 4) what sites are being hosted on it? Also, is there a way to prevent these types of attacks by hiding this information? I would assume that DNS servers would need to keep some information public, but I'm not sure if there is something that most hosts do to help prevent these bandwidth wasting poke and hope attacks. Thanks in advance.


  • PostgreSQL: performance decrease due to index bloat

    - by Henry-Nicolas Tourneur
    I'm running PgSQL 8.1 on a CentOS 4.4 system (not upgradable unfortunately). There's a Java app running on top of the PgSQL daemon and we have to reindex the database every 2 months or so. Also important: the database isn't growing. It looks like the bloat is now coming faster than before and this tends to increase. My config is available here, autovacuum daemon is enabled and running quite often: pastebin.com/RytNj7dK You can also find the output of this query wiki.postgresql.org/wiki/Show_database_bloat 3 hours after running reindex: http://pastebin.com/raw.php?i=75fybKyd 72 hours after running reindex: http://pastebin.com/raw.php?i=89VKd7PC Does anyone have any idea what I should tweak to get rid of that growing bloat? Thanks for your help. PS: due to the antispam prevention system, I had to remove the http:// prefixes from my first two links.


  • Mouse button and keypress counter for Linux?

    - by rakete
    I would like to have some kind of statistic of my daily mouse/keyboard usage to help me make my keyboard layout a little bit more efficient. There is already a question about how to do this on Windows, but I would like to know if anyone is aware whether this is possible under Linux. Another thing I already found is key-mon, a little program for screencasts that displays your mouse and keyboard presses on the screen, which would help me achieve what I want with a little bit of Python coding by myself. But still, if there was a solution already, that would be easier of course. PS: obfuscated link to key-mon because of spam prevention: hxxp://code.google.com/p/key-mon/


  • Configure IIS 7 Reverse Proxy to connect to TeamCity Tomcat

    - by Cynicszm
    We have an IIS 7 webserver configured and would like to create a reverse proxy for a TeamCity installation using Tomcat on the same machine. The IIS server site is https://somesite and I would like TeamCity to appear as https://somesite/teamcity redirecting to http://localhost:portnumber I have installed the IIS URL Rewrite extension from http://www.iis.net/download/URLRewrite and the Application Request Routing from http://www.iis.net/download/ApplicationRequestRouting to try and set up a reverse proxy but can't get it working. The closest answer I found is an old StackOverflow question http://stackoverflow.com/questions/331755/how-do-i-setup-teamcity-for-public-access-over-https which unfortunately doesn't have a working example. I've searched quite a bit but can't seem to find a relevant example. Any help appreciated (apologies for the bold but the spam prevention won't let me post more than 1 hyperlink)


  • How to run Macromedia Projector executables on Windows 7?

    - by shinjin
    When I try to use an old app created using Macromedia Projector in Windows 7, it crashes after the first few screens. The same program works fine on XP. I receive this error message after a few screens: "Error: A Fatal Error has occurred. Click OK to Quit." Pressing OK brings me a fresh one: "Microsoft Visual C++ runtime Library: This application has requested the Runtime to terminate it in an unusual way. Please contact the application's support team for more information." And finally I get a "Macromedia Projector has stopped working" message. I have already tried adjusting compatibility mode, or adding this program to the Data Execution Prevention exceptions, but none helped.


  • How to check if PAE is enabled? (Windows 7 32 bits)

    - by Altar
    How to tell for sure if PAE (Physical Address Extensions) is enabled or not? Is there a SPECIFIC command I can use? Can I read a registry value or something? (Windows 7 32 bits) I have found this on the Internet but it doesn't answer my question: "If your server has hot-add memory ability (ability to add more memory without shutting down the server !!) or data execution prevention (DEP) is enabled then PAE will be enabled automatically !!" It only reformulates the question as "does my Qosmio x505 laptop support hot-add memory?"


  • Tracking down Data Execution

    - by Agnel Kurian
    I have some malware infecting one of our machines at home. It first showed up as winulty.exe. After investigating, I am of the opinion that winulty.exe itself is an uninfected file but is being modified after it has loaded into memory. Turning on Data Execution Prevention for all processes and services has confirmed this to be true. How do I track down the process responsible for this? I've used File Monitor from sysinternals.com to monitor winulty.exe and see this being accessed by the svchost.exe instance hosting most of the system services and also by dfrgntfs.exe. How do I know which service or which DLL has been infected?


  • LVM mirroring VS RAID1

    - by syrenity
    Hi. Having learned a bit about LVM mirroring, I thought about replacing the current RAID-1 scheme I'm using to gain some flexibility. Problem is that according to what I found on the Internet, LVM is: 1) Slower than RAID-1, at least in reading (as only a single volume is being used for reading). 2) Non-reliable on power interrupts, and requires disk cache disabling for prevention of data loss. http://www.joshbryan.com/blog/2008/01/02/lvm2-mirrors-vs-md-raid-1/ Also it seems, at least according to several setup guides I read (http://www.tcpdump.com/kb/os/linux/lvm-mirroring/intro.html), that one actually requires a 3rd disk for storing the LVM log. This makes the setup completely unusable on 2-disk installations, and lowers the number of usable mirror disks on installations with more disks. Can anyone comment on the above facts, and let me know their experience of using LVM mirroring? Thanks.


  • reg delete gives me "access is denied" but regedit delete is ok

    - by Radek
    I need to delete a key from a command line. So I wanted to use reg delete "the key to be deleted" /f but I get ERROR: access is denied. From the same login session (the same user) I am able to delete the key without any trouble from regedit.exe that is not run as administrator. I cannot use the runas command to execute reg, which I believe would be the solution, because in fact I want to use reg to delete a registry entry for the administrator profile so runas works again. More info in my other question: Windows7 corrupted profile - prevention exists?


  • Excel wizardness needed - Group By, Sort, Count function help

    - by Chris
    Riddle me this: You have 3 part numbers with the same part name xyz, each with a quantity of 10 items. The items can be picked during the day or week, therefore changing the amount of items on hand. I know I need to use the group by, sort, count and perhaps sumif formulas to have a running count of the number of items on hand at the end of each day (which could be positive or negative). Help? It won't let me add an image because I'm a new user. 'Oops! Your edit couldn't be submitted because: * we're sorry, but as a spam prevention mechanism, new users aren't allowed to post images. Earn more than 10 reputation to post images.'


  • Relevant Knowledge spyware

    - by Usman Masood
    I am an advanced user, using Windows 7 with Avast! antivirus running. Today I started browsing and faced some weird popup. Upon investigation I found that "Relevant Knowledge" was running in my system. I was able to uninstall it using the Programs Manager and deleted the file's entries in the registry, but I am a little troubled due to the fact that Avast! was not able to detect it; and secondly, how it came into my system. Also, what further prevention measures should I take?

